﻿<!-- #Include File="../../Include/Function.asp" -->
<!-- #Include File="../../Include/Channel.asp" -->
<!-- #Include File="../../Include/FileSys.asp" -->
<!-- #Include File="../../Include/Public.asp" -->
<!-- #Include File="../../Include/Put.asp" -->
<%
' Channel (content model) ID: read from the request when one is supplied and
' converted with Code_CLng (defined in an include, not visible here).
Dim ClassID
Dim Data_Name
If Request("ChannelID") <> "" Then ChannelID = Code_CLng(Trim(Request("ChannelID")))
' GetChannel (from an include) is only called for a positive channel ID.
If ChannelID > 0 Then Call GetChannel(ChannelID)
ClassID = Code_ID("ClassID")

' Optional Referer check, switched on by NeedCheckComeUrl (set outside this block).
If NeedCheckComeUrl = True Then Call CheckComeUrl

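' Verify that the requester is a logged-in administrator.
' The identity comes from cookies and is checked against the Admin table each time this script runs.
Dim Login_Username, Login_Password
Dim AdminID, AdminRndPassword, AdminLoginCode, AdminGroupID, AdminPurview_Group
Dim rsGetAdmin, sqlGetAdmin
AdminID = Session_Get(Session_For&"AdminID")
Login_Username = Cookies_Get(Cookies_For&"AdminUsername")
Login_Password = Cookies_Get(Cookies_For&"AdminPassword")
AdminRndPassword = Cookies_Get(Cookies_For&"AdminRndPassword")
AdminLoginCode = Cookies_Get(Cookies_For&"AdminLoginCode")
' A missing credential cookie, or a login code that differs from the configured
' Web_AdminCodes (when one is configured), sends the visitor back to the login page.
If Login_Username = "" Or Login_Password = "" Or AdminRndPassword = "" Or (Web_AdminCodes <> "" And AdminLoginCode <> Web_AdminCodes) Then
	Call CloseConn()
	Session_Delele()
	Cookies_Delele()
	Response.Redirect InstallDir & AdminFolder & "/Admin_Login.asp"
End If
' The cookie values come from the client, so they must not reach the SQL text unescaped.
' Single quotes are doubled before concatenation; & "" guards against a Null cookie value.
' NOTE(review): whether Cookies_Get already filters its result is not visible in this file - confirm,
' and prefer a parameterized ADODB.Command once the connection object behind Exe_Conn is known.
' NOTE(review): the Password cookie is matched directly against the stored Password column, so the
' stored value works as a long-lived credential if it leaks; a random server-side session token
' would avoid that.
sqlGetAdmin = "select * from Admin where UserName='" & Replace(Login_Username & "", "'", "''") & "' and Password='" & Replace(Login_Password & "", "'", "''") & "'"
Call Exe_Conn(rsGetAdmin,sqlGetAdmin,1)
If rsGetAdmin.BOF And rsGetAdmin.EOF Then
	' No matching administrator: clean up and go back to the login page.
	rsGetAdmin.Close
	Set rsGetAdmin = Nothing
	Call CloseConn()
	Session_Delele()
	Cookies_Delele()
	Response.Redirect InstallDir & AdminFolder & "/Admin_Login.asp"
Else
	' Unless multi-login is enabled for this account, the RndPassword cookie must match the
	' value stored in the row; a mismatch is reported as a login from another location.
	If rsGetAdmin("EnableMultiLogin") <> True And Trim(rsGetAdmin("RndPassword")) <> AdminRndPassword Then
		Session.Codepage = 65001
		Response.Charset = "utf-8"
		Response.Write "<br><p align='center'><font color='red'>对不起，为了系统安全，本系统不允许两个人使用同一个管理员帐号进行登录！</font></p><p align='center'>因为现在有人已经在其他地方使用此管理员帐号进行登录了，所以你将不能继续进行后台管理操作。</p><p align='center'>你可以<a href='" & InstallDir & AdminFolder & "/Admin_Login.asp' target='_top'>点此重新登录</a>。</p>"
		rsGetAdmin.Close
		Set rsGetAdmin = Nothing
		Call CloseConn()
		Session_Delele()
		Cookies_Delele()
		Response.End()
	End If
	' Accounts with IsOpen = False are refused. The recordset and connection are released first,
	' as on the other rejection paths.
	If rsGetAdmin("IsOpen") = False Then
		rsGetAdmin.Close
		Set rsGetAdmin = Nothing
		Call CloseConn()
		Session_Delele()
		Cookies_Delele()
		Response.Redirect InstallDir & AdminFolder & "/Admin_Login.asp"
		Response.End()
	End If
End If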

' Copy the authenticated administrator's row into page-level variables and
' store the ID and group ID in the session.
AdminID = rsGetAdmin("ID")
AdminGroupID = rsGetAdmin("GroupID")
Call Session_Set(Session_For & "AdminID", AdminID)
Call Session_Set(Session_For & "AdminGroupID", AdminGroupID)
UserName = rsGetAdmin("UserName")
Password = rsGetAdmin("Password")
LastLoginTime = Time_Type(rsGetAdmin("LastLoginTime"),1)

' Group 0 skips the lookup. Any other group loads its rule list from Admin_Group (status=1 rows only).
' AdminPurview_Group falls back to 0 when the group row is missing or its rules are empty.
' NOTE(review): rsGetGroup stays open when a row is found, and rsGetAdmin stays open as well;
' confirm whether later code still reads them.
If AdminGroupID <> 0 Then
	sqlGetGroup = "select * from Admin_Group where GroupID=" & AdminGroupID & " and status=1"
	Call Exe_Conn(rsGetGroup,sqlGetGroup,1)
	If Not (rsGetGroup.BOF And rsGetGroup.EOF) Then
		GroupName = rsGetGroup("GroupName")
		AdminPurview_Group = rsGetGroup("rules")
		If StrLen(AdminPurview_Group) = 0 Then
			AdminPurview_Group = 0
		End If
	Else
		rsGetGroup.Close
		Set rsGetGroup = Nothing
		AdminPurview_Group = 0
	End If
End If

' Stops the request unless the current administrator's group holds rule t0.
' t0: rule identifier, looked up in the comma-separated AdminPurview_Group list.
' t1: 1 writes the refusal as JSON; any other value writes it as HTML.
' Administrators in group 0 are never restricted. The function sets no return value;
' on refusal it closes the connection and ends the response.
Function CheckPurview(byval t0,byval t1)
	Dim grantedRules, wantedRule
	If AdminGroupID = 0 Then Exit Function
	Session.Codepage = 65001
	Response.Charset = "utf-8"
	' Wrap both sides in commas so only whole list entries match.
	grantedRules = "," & AdminPurview_Group & ","
	wantedRule = "," & t0 & ","
	If InStr(grantedRules, wantedRule) > 0 Then Exit Function
	If t1 = 1 Then
		Response.Write "{""code"":0,""msg"":""\u60a8\u65e0\u6b64\u64cd\u4f5c\u6743\u9650\u3002""}" & vbCrLf
	Else
		Response.write "<br><p align='center'><font color='red'>对不起，您无此操作权限。</font></p>"
	End If
	Call CloseConn()
	Response.End()
End Function

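'=================================================
' Function: CheckSecretCode
' Purpose : issue or verify the admin security code kept in Session("AdminSecretCode").
' iCode   : "start" issues a new 11-character code; any other value is compared with the stored code.
' Returns : the new code (String) in "start" mode; otherwise True on a match and False on a mismatch
'           or an empty iCode. The stored code is cleared after every verification, so each code
'           can be verified only once.
' NOTE(review): Rnd seeded from Timer is not a cryptographically strong source; if this code is the
'               only request-forgery protection, consider a stronger generator.
' NOTE(review): "start" is a reserved value; callers should make sure a request-supplied code
'               cannot select the issuing mode.
'=================================================
Function CheckSecretCode(ByVal iCode)
	Dim j, secritycode, rNum, lcode
	secritycode = ""
	If iCode = "start" Then
		Randomize Timer
		lcode = "0123456789abcdefghijklmnopqrstuvwxyz"
		For j = 0 To 10
			' Int(Len * Rnd) gives every index 0..35 the same chance. The previous CInt(35 * Rnd)
			' rounded, so the first and last characters were picked half as often as the others.
			rNum = Int(Len(lcode) * Rnd)
			secritycode = secritycode & Mid(lcode, rNum + 1, 1)
		Next
		Session("AdminSecretCode") = secritycode
		CheckSecretCode = secritycode
	Else
		' An empty code never passes, even when no code is stored in the session.
		If iCode = "" Or iCode <> Session("AdminSecretCode") Then
			CheckSecretCode = False
		Else
			CheckSecretCode = True
		End If
		' Single use: clear the stored code whether or not the check passed.
		Session("AdminSecretCode") = ""
	End If
End Function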

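' Ends the response unless the request carries a Referer that points at this site.
' The Referer must begin with http:// or https:// followed by the request's Host header, and the
' host must be followed by "/", "?", "#" or the end of the string. Without that boundary a longer
' hostname that merely begins with this host would pass, and an https-only site would always fail.
' The function sets no return value.
' NOTE(review): a Referer check is a weak defence on its own (the header can be absent or stripped);
' a per-request token is the more reliable protection for state-changing admin actions.
Function CheckComeUrl()
	Session.Codepage = 65001
	Response.Charset = "utf-8"
	Dim ComeUrl, TrueSiteUrl, cUrl, scheme, nextChar, isLocal
	ComeUrl = Trim(Request.ServerVariables("HTTP_REFERER"))
	TrueSiteUrl = Trim(Request.ServerVariables("HTTP_HOST"))
	If ComeUrl = "" Then
		Response.Write "<br><p align='center'><font color='red'>对不起，为了系统安全，不允许直接输入地址访问本系统的后台管理页面。</font></p>"
		' Audit logging is disabled here:
		'Call WriteEntry(1, "", "直接地址输入访问后台")
		Response.End()
	Else
		isLocal = False
		For Each scheme In Array("http://", "https://")
			cUrl = Trim(scheme & TrueSiteUrl)
			If LCase(Left(ComeUrl, Len(cUrl))) = LCase(cUrl) Then
				' Mid returns "" past the end of the string, which covers a Referer with no path.
				nextChar = Mid(ComeUrl, Len(cUrl) + 1, 1)
				If nextChar = "" Or nextChar = "/" Or nextChar = "?" Or nextChar = "#" Then isLocal = True
			End If
		Next
		If Not isLocal Then
			Response.Write "<br><p align='center'><font color='red'>对不起，为了系统安全，不允许从外部链接地址访问本系统的后台管理页面。</font></p>"
			' Audit logging is disabled here:
			'Call WriteEntry(1, "", "外部链接访问后台")
			Response.End()
		End If
	End If
End Function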
%>